Connecting to an Apache Hive endpoint through Apache Knox
If your cluster uses Apache Knox for perimeter security in CDP Private Cloud Base, you can connect to an Apache Hive endpoint through Knox. You set the HiveServer transport mode and reference your Java keystore.
Automate the creation of an internal certificate authority (CA) using Auto-TLS (see link below). Set up SSL, including trust, for Knox Gateway clients.
In Cloudera Manager, click
http. , and change the Hive on Tez service transport mode in Cloudera Manager toKNOX discovers the service automatically and builds a proxy URL for Hive on Tez only when the transport mode is
Knox Gateway TLS/SSL client trust store JKS file from Knox, and save it
You can find the location of the JKS file from value of the Knox property
In the Hive connection string, include parameters as follows:
jdbc:hive2://<host>:8443/;ssl=true;transportMode=http; \ httpPath=gateway/cdp-proxy-api/hive; \ sslTrustStore=/<path to JKS>/bin/certs/gateway-client-trust.jks; \ trustStorePassword=<Java default password>In this example,
changeitis the Java default password for the trust store.